TechCentralTechCentral
    Facebook Twitter YouTube LinkedIn
    Facebook Twitter LinkedIn YouTube
    TechCentralTechCentral
    NEWSLETTER
    • News

      Fixing SA’s power crisis is not complex: it simply takes the will to do better

      12 August 2022

      Consortium makes unsolicited bid for state’s 40% stake in Telkom

      12 August 2022

      Actually, solar users should pay more to access the grid – here’s why

      12 August 2022

      Telkom says MTN talks remain on track

      12 August 2022

      Analysis | Rain muddies the waters with approach to Telkom

      11 August 2022
    • World

      Tencent woes mount, even after $560-billion selloff

      12 August 2022

      Huawei just booked its first sales rise since US blacklisting

      12 August 2022

      Apple remains upbeat about iPhone sales even as Android world suffers

      12 August 2022

      Ether at two-month high as upgrade to blockchain passes major test

      12 August 2022

      Gaming industry’s fortunes fade as pandemic ends

      11 August 2022
    • In-depth

      African unicorn Flutterwave battles fires on multiple fronts

      11 August 2022

      The length of Earth’s days has been increasing – and no one knows why

      7 August 2022

      As Facebook fades, the Mad Men of advertising stage a comeback

      2 August 2022

      Crypto breaks the rules. That’s the point

      27 July 2022

      E-mail scams are getting chillingly personal

      17 July 2022
    • Podcasts

      Qush on infosec: why prevention is always better than cure

      11 August 2022

      e4’s Adri Führi on encouraging more women into tech careers

      10 August 2022

      How South Africa can woo more women into tech

      4 August 2022

      Book and check-in via WhatsApp? FlySafair is on it

      28 July 2022

      Interview: Why Dell’s next-gen PowerEdge servers change the game

      28 July 2022
    • Opinion

      No reason South Africa should have a shortage of electricity: Ramaphosa

      11 July 2022

      Ntshavheni’s bias against the private sector

      8 July 2022

      South Africa can no longer rely on Eskom alone

      4 July 2022

      Has South Africa’s advertising industry lost its way?

      21 June 2022

      Rob Lith: What Icasa’s spectrum auction means for SA companies

      13 June 2022
    • Company Hubs
      • 1-grid
      • Altron Document Solutions
      • Amplitude
      • Atvance Intellect
      • Axiz
      • BOATech
      • CallMiner
      • Digital Generation
      • E4
      • ESET
      • Euphoria Telecom
      • IBM
      • Kyocera Document Solutions
      • Microsoft
      • Nutanix
      • One Trust
      • Pinnacle
      • Skybox Security
      • SkyWire
      • Tarsus on Demand
      • Videri Digital
      • Zendesk
    • Sections
      • Banking
      • Broadcasting and Media
      • Cloud computing
      • Consumer electronics
      • Cryptocurrencies
      • Education and skills
      • Energy
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Motoring and transport
      • Public sector
      • Science
      • Social media
      • Talent and leadership
      • Telecoms
    • Advertise
    TechCentralTechCentral
    Home»Promoted Content»The evolution of ransomware: What to expect in 2020 and beyond

    The evolution of ransomware: What to expect in 2020 and beyond

    Promoted Content By Skybox Security18 June 2020
    Facebook Twitter LinkedIn WhatsApp Telegram Email

    Keeping pace with rapid change in the cybersecurity field, the evolution of ransomware has been swift and complex since the malware’s inception. The scattergun approach to ransomware distribution that used to be popular with criminals (peaking in 2017 with the WannaCry attack) has now fallen to the wayside in favour of more targeted attacks on individual businesses.

    The driver behind this change is simple: businesses are more likely to submit to the demands of the ransomware. They’re scared of the regulatory fines that they will be subject to if any data gets exposed (particularly since the advent of GDPR and other similar regulatory measures recently introduced across all 50 US states) so criminals know that they are more likely to pay, and pay big, if they fall prey to an attack.

    >> Listen to the podcast: Skybox Security on toughening up IT defences in a pandemic

    Attackers have been emboldened in this approach due, in no small part, to ransomware growing in sophistication. Look at Sodin (okibi) ransomware as one example. Released in 2019, it can burrow deep into a system to elevate privileges by planting itself in CPU architecture. This makes it much harder to detect and, therefore, less likely to be removed.

    Evolution of ransomware is driven by profitability

    Attackers don’t want to waste their time on ransomware that isn’t delivering on profitability. As ransomware becomes more sophisticated, the chances of its success increases. When criminals are confident that they can profit from organisations with deeper pockets than your average PC user, you can bet they’re going to give it a shot. And that’s exactly what’s happening now.

    This doesn’t mean that attackers have a lot of easy wins under their belts. Targeting specific businesses may require a lot of “dwell time” on a victim network, spending anywhere from days to months trying to identify a chink in the armour that they can exploit. Because of this, companies have time to detect and remediate any malicious presence. If they’re quick to act, they emerge unscathed and the only loss will be felt by the attacker. But if the attacker’s patience pays off, they’re likely to hit the jackpot.

    How doxware is changing the game

    There are new malware tactics being deployed by attackers that are helping them seal the deal during a successful ransomware attack. Look at doxware, for example, heralded by some as the next step in the evolution of ransomware. It may be new on the block – it was only in November 2019 that Maze ransomware became the first to offer attackers the ability to upload stolen data to a public site if they don’t receive payment – but it adds a new threat level that wasn’t there before. And it’s gaining in popularity. Since November, we’ve seen several new doxware products come onto the market.

    While the profits associated with successfully attacking a large organisation were compelling enough for most malicious actors, the ability to threaten the exposure of sensitive data makes attacking large organisations irresistible. The leverage that they gain through doxware is worth the additional time and effort expended during these targeted attacks. The more fear they can incite, the higher the payout.

    OT environments are under increasing threat from ransomware

    Another way that use of ransomware is developing can be found in the network areas in which it is, and will be, deployed. Specifically, criminals are honing their focus on operational technology (OT) environments. These are areas that are incredibly difficult to protect – they run on outdated technology that cannot be scanned or patched, many machines and devices are critical to operations so cannot be turned off and, although a lot of these machines pre-date the Internet, they are now being forced to connect with Web-connected devices – and are important at a nation-state level (particularly thinking about utilities like oil, gas, water, electricity, etc).

    New viable ransomware attacks on OT-adjacent systems have been demonstrated; this is something that’s only going to increase. As seen in the Vulnerability and Threats Report 2020, the number of new advisories issued by ICS-CERT between 2019 and 2020 increased by 53%. Attackers are coming after OT; ransomware is a very valuable tool and it’s doubtless that they are going to use it to its full potential.

    We’re going to hear about more ransomware attacks this year

    We can also expect to hear about more incidents as a result of companies now being forced to disclose data breaches. This is important to consider when you hear stories about a rise in ransomware attacks over the next year – the actual number of ransomware attacks may not dramatically increase, but the number of public disclosures will. Companies now have nowhere to hide.

    Finally, it’s important to talk about the current sophistication level of ransomware. Although attackers have made a lot of progress in terms of the malware’s sophistication, as an industry it is still fairly rudimentary from an economic perspective. There is a lot of room for growth, both in terms of malware sophistication and financial potential. The market is far from being saturated and the tools that are currently being deployed are not yet operating at maximum efficiency. Like any professional in any other industry, we can expect to see ransomware developers and deployers work to improve efficiency. This means that there will be greater depth to the business models used by deployers, including the intelligence on which their deployments are based.

    Really, we are in the early stages of ransomware’s potential. The need for security leaders to understand how criminals are able to implant this malware within their networks is great now and will get greater still as time moves on. The time to act to protect businesses from the real and present threat of ransomware is yesterday; if businesses fail to contain their network perimeter, they will likely be forced to pay out a lot of money – both to criminals and to relevant regulatory authorities.

    About Skybox Security
    At Skybox Security, we provide you with cybersecurity management solutions to help your organization innovate rapidly and with confidence. We get to the root of cybersecurity issues, giving you better visibility, context and automation across a variety of use cases. By integrating data, delivering new insights and unifying processes, you’re able to control security without restricting operational agility. Skybox’s comprehensive solution unites different security perspectives into the big picture, minimises risk and empowers security programmes to move to the next level. With obstacles and complexities removed, you can stay informed, work smarter and drive your organisation forward, faster.

    To learn more about Skybox Security, join one of our FREE technical workshops or contact us zasales@skyboxsecurity.com.

    • This promoted content was paid for by the party concerned
    Skybox Skybox Security
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email
    Previous ArticleEskom implements ‘load reduction’ in Gauteng
    Next Article Zimbabwe’s Econet expands use of Tesla batteries

    Related Posts

    Get your brand in front of TechCentral’s amazing audience

    12 August 2022

    Pricing Beyond CMYK: printers answer the FAQs

    11 August 2022

    How secure is your cloud?

    10 August 2022
    Add A Comment

    Comments are closed.

    Promoted

    Get your brand in front of TechCentral’s amazing audience

    12 August 2022

    Pricing Beyond CMYK: printers answer the FAQs

    11 August 2022

    How secure is your cloud?

    10 August 2022
    Opinion

    No reason South Africa should have a shortage of electricity: Ramaphosa

    11 July 2022

    Ntshavheni’s bias against the private sector

    8 July 2022

    South Africa can no longer rely on Eskom alone

    4 July 2022

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2022 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.